From: Rick Edgecombe <rick.p.edgecombe@intel.com>
To: akpm@linux-foundation.org, luto@kernel.org, will.deacon@arm.com,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
kernel-hardening@lists.openwall.com,
naveen.n.rao@linux.vnet.ibm.com, anil.s.keshavamurthy@intel.com,
davem@davemloft.net, mhiramat@kernel.org, rostedt@goodmis.org,
mingo@redhat.com, ast@kernel.org, daniel@iogearbox.net,
jeyu@kernel.org, namit@vmware.com, netdev@vger.kernel.org,
ard.biesheuvel@linaro.org, jannh@google.com
Cc: kristen@linux.intel.com, dave.hansen@intel.com,
deneen.t.dock@intel.com,
Rick Edgecombe <rick.p.edgecombe@intel.com>
Subject: [PATCH v2 3/4] bpf: switch to new vmalloc vfree flags
Date: Tue, 11 Dec 2018 16:03:53 -0800 [thread overview]
Message-ID: <20181212000354.31955-4-rick.p.edgecombe@intel.com> (raw)
In-Reply-To: <20181212000354.31955-1-rick.p.edgecombe@intel.com>
This switches to use the new vmalloc flags to control freeing memory with
special permissions.
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
---
include/linux/filter.h | 26 ++++++++++++--------------
kernel/bpf/core.c | 1 -
2 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 795ff0b869bb..2aeb93d3337d 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -20,6 +20,7 @@
#include <linux/set_memory.h>
#include <linux/kallsyms.h>
#include <linux/if_vlan.h>
+#include <linux/vmalloc.h>
#include <net/sch_generic.h>
@@ -487,7 +488,6 @@ struct bpf_prog {
u16 pages; /* Number of allocated pages */
u16 jited:1, /* Is our filter JIT'ed? */
jit_requested:1,/* archs need to JIT the prog */
- undo_set_mem:1, /* Passed set_memory_ro() checkpoint */
gpl_compatible:1, /* Is filter GPL compatible? */
cb_access:1, /* Is control block accessed? */
dst_needed:1, /* Do we need dst entry? */
@@ -699,24 +699,23 @@ bpf_ctx_narrow_access_ok(u32 off, u32 size, u32 size_default)
static inline void bpf_prog_lock_ro(struct bpf_prog *fp)
{
- fp->undo_set_mem = 1;
- set_memory_ro((unsigned long)fp, fp->pages);
-}
+ struct vm_struct *vm = find_vm_area(fp);
-static inline void bpf_prog_unlock_ro(struct bpf_prog *fp)
-{
- if (fp->undo_set_mem)
- set_memory_rw((unsigned long)fp, fp->pages);
+ if (vm)
+ vm->flags |= VM_HAS_SPECIAL_PERMS;
+ set_memory_ro((unsigned long)fp, fp->pages);
}
static inline void bpf_jit_binary_lock_ro(struct bpf_binary_header *hdr)
{
- set_memory_ro((unsigned long)hdr, hdr->pages);
-}
+ struct vm_struct *vm = find_vm_area(hdr);
-static inline void bpf_jit_binary_unlock_ro(struct bpf_binary_header *hdr)
-{
- set_memory_rw((unsigned long)hdr, hdr->pages);
+ if (vm) {
+ vm->flags |= VM_HAS_SPECIAL_PERMS;
+ vm->flags |= VM_IMMEDIATE_UNMAP;
+ }
+
+ set_memory_ro((unsigned long)hdr, hdr->pages);
}
static inline struct bpf_binary_header *
@@ -746,7 +745,6 @@ void __bpf_prog_free(struct bpf_prog *fp);
static inline void bpf_prog_unlock_free(struct bpf_prog *fp)
{
- bpf_prog_unlock_ro(fp);
__bpf_prog_free(fp);
}
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index b1a3545d0ec8..bd3efd7ce526 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -663,7 +663,6 @@ void __weak bpf_jit_free(struct bpf_prog *fp)
if (fp->jited) {
struct bpf_binary_header *hdr = bpf_jit_binary_hdr(fp);
- bpf_jit_binary_unlock_ro(hdr);
bpf_jit_binary_free(hdr);
WARN_ON_ONCE(!bpf_prog_kallsyms_verify_off(fp));
--
2.17.1
next prev parent reply other threads:[~2018-12-12 0:12 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-12-12 0:03 [PATCH v2 0/4] Don’t leave executable TLB entries to freed pages Rick Edgecombe
2018-12-12 0:03 ` [PATCH v2 1/4] vmalloc: New flags for safe vfree on special perms Rick Edgecombe
2018-12-12 2:20 ` Andy Lutomirski
2018-12-12 19:50 ` Edgecombe, Rick P
2018-12-12 19:57 ` Andy Lutomirski
2018-12-12 22:01 ` Edgecombe, Rick P
2018-12-15 18:52 ` Andy Lutomirski
2018-12-18 0:23 ` Edgecombe, Rick P
2018-12-18 1:02 ` Andy Lutomirski
2018-12-21 16:39 ` Ard Biesheuvel
2018-12-21 17:12 ` Andy Lutomirski
2018-12-21 17:25 ` Ard Biesheuvel
[not found] ` <cd2d6714cdd776e7f12d4e8752ef1682606ccde1.camel@intel.com>
2018-12-22 11:12 ` Ard Biesheuvel
2018-12-12 0:03 ` [PATCH v2 2/4] modules: Add new special vfree flags Rick Edgecombe
2018-12-12 23:40 ` Nadav Amit
2018-12-13 19:02 ` Edgecombe, Rick P
2018-12-13 19:27 ` Nadav Amit
2018-12-13 21:48 ` Edgecombe, Rick P
2018-12-12 0:03 ` Rick Edgecombe [this message]
2018-12-12 0:03 ` [PATCH v2 4/4] x86/vmalloc: Add TLB efficient x86 arch_vunmap Rick Edgecombe
2018-12-12 2:24 ` Andy Lutomirski
2018-12-12 19:51 ` Edgecombe, Rick P
2018-12-12 6:30 ` Nadav Amit
2018-12-12 21:05 ` Edgecombe, Rick P
2018-12-12 21:16 ` Nadav Amit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181212000354.31955-4-rick.p.edgecombe@intel.com \
--to=rick.p.edgecombe@intel.com \
--cc=akpm@linux-foundation.org \
--cc=anil.s.keshavamurthy@intel.com \
--cc=ard.biesheuvel@linaro.org \
--cc=ast@kernel.org \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@intel.com \
--cc=davem@davemloft.net \
--cc=deneen.t.dock@intel.com \
--cc=jannh@google.com \
--cc=jeyu@kernel.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=kristen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=namit@vmware.com \
--cc=naveen.n.rao@linux.vnet.ibm.com \
--cc=netdev@vger.kernel.org \
--cc=rostedt@goodmis.org \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).